
Comment by jmuncor

17 hours ago

Just fixed it and implemented a simple HTTP relay, eliminating mitmproxy and the ssl_insecure=true. The new implementation uses TLS verification; doing the last tests and merging it... After the merge, can you check it out and tell me if I earned your star? :D

I’m not sure you fully understand the implications of the misconfiguration of mitmproxy there. Effectively you provided an easily accessible front door for remote code execution on a user’s machine.

No offense, but I wouldn’t trust anything else you published.

I think it’s great that you are learning and it is difficult to put yourself out there and publish code, but what you originally wrote had serious implications and could have caused real harm to users.
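The two comments above describe the same thing from both sides: a relay that accepts any upstream certificate (the ssl_insecure=true setting) versus one that verifies it. The following is an added example, written by the editor and not code from jmuncor's repository or from mitmproxy. It uses Go's httptest package to stand up a local HTTPS upstream with a self-signed certificate (standing in for whatever an on-path attacker could present) and shows three relay transports: verification disabled, which accepts the untrusted certificate; verification against the system roots, which rejects it; and verification against an explicitly trusted CA, which is the configuration a relay should ship with. The function names and the "hello from upstream" body are the example's own.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
)

// newUpstream starts a local HTTPS server with httptest's self-signed
// certificate. It stands in for the upstream a relay forwards to, or for
// an attacker sitting between the relay and the real upstream: either can
// present a certificate that no trusted CA has signed.
func newUpstream(body string) *httptest.Server {
	return httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		io.WriteString(w, body)
	}))
}

// relayTransport builds the transport the relay uses for upstream connections.
// insecure=true reproduces the ssl_insecure=true misconfiguration: the client
// skips certificate validation entirely, so any certificate is accepted.
// roots=nil means the operating system's trust store is used.
func relayTransport(insecure bool, roots *x509.CertPool) *http.Transport {
	return &http.Transport{
		TLSClientConfig: &tls.Config{
			InsecureSkipVerify: insecure,
			RootCAs:            roots,
			MinVersion:         tls.VersionTLS12,
		},
	}
}

// fetchViaRelay performs the upstream request and returns the response body.
// A TLS verification failure surfaces as the error from client.Get.
func fetchViaRelay(tr *http.Transport, url string) (string, error) {
	client := &http.Client{Transport: tr}
	resp, err := client.Get(url)
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	b, err := io.ReadAll(resp.Body)
	if err != nil {
		return "", err
	}
	return string(b), nil
}

// Demonstrate runs the three configurations against the same untrusted
// upstream and reports what each one did.
func Demonstrate() (insecureAccepted bool, verifiedRejected bool, trustedAccepted bool) {
	srv := newUpstream("hello from upstream")
	defer srv.Close()

	// 1. Verification disabled: the forged/self-signed certificate is accepted,
	//    so an on-path attacker can serve the relay's users whatever they like.
	_, err := fetchViaRelay(relayTransport(true, nil), srv.URL)
	insecureAccepted = err == nil

	// 2. Verification on, system roots: the self-signed certificate chains to
	//    no trusted CA, so the handshake fails and nothing is relayed.
	_, err = fetchViaRelay(relayTransport(false, nil), srv.URL)
	verifiedRejected = err != nil

	// 3. Verification on, with only the upstream's own CA trusted: the
	//    legitimate upstream is reachable and everything else is still rejected.
	pool := x509.NewCertPool()
	pool.AddCert(srv.Certificate())
	body, err := fetchViaRelay(relayTransport(false, pool), srv.URL)
	trustedAccepted = err == nil && body == "hello from upstream"
	return
}

func main() {
	a, b, c := Demonstrate()
	fmt.Printf("insecure transport accepted untrusted cert: %v\n", a)
	fmt.Printf("verified transport rejected untrusted cert: %v\n", b)
	fmt.Printf("transport with pinned CA reached upstream:  %v\n", c)
}
```

The first result is the whole problem in one line: with verification off, the relay cannot tell its real upstream from anyone who can intercept the connection. The third configuration is what "uses TLS verification" should mean in a relay that talks to a known upstream; when the upstream is arbitrary, leave RootCAs nil and let the system trust store decide.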

  • Ohh my, no offense taken... The next time I will be a lot more careful with the stuff that I put out there. I'm learning and getting the hang of it; I would love it if you either comment on the code or here on any other things you think could be improved. I am in the process of getting better and appreciate all the blunt and transparent feedback. No one grows out of praise.

    • It's incredible that people pointed out very specifically what's wrong and you fell back to weaponized incompetence to shift the intellectual and mental burden of reviewing the code to outsiders instead of thinking for yourself. This is the problem with relying on LLMs: instead of thinking for yourself you just ask LLMs, and now other real people, "idk just fix it for me, make it work". Do you really not see the problem with this?

    • I don't think you can get professionals to review code that you didn't even bother typing yourself.

      You aren't learning much. You're vibe coding, which means you learn almost nothing, except maybe prompting your LLM better.

>tell me if I earned your star

Since you asked: Not in a million years, no.

A bug of this type is either an honest typo or a sign that the author(s) don't take security seriously. Even if it were a typo, any serious author would've put a large FIXME right there when adding the line that disables verification. I know I would. In any case, a huge red flag for a MITM tool.

Seeing that it's vibe coded leads me to believe it's due to AI slop, not a simple typo from debugging.

  • I love the real feedback, tbh. I am still learning, and want to learn as much as possible. I would love it if you could review it and tell me bluntly, either in the repo or here, the things that should be improved. I would love to learn more from you and get better :D

    • I'm not going to review it in full, sorry. Reviewing is so much more effort compared to producing something with AI. But don't let me deter you, keep on learning and keep on building.

      I wish I had the possibilities to learn and build on such a large scale when I started out. AI is a blessing and a curse I guess.

      My own early projects were most definitely crap, and I made the exact same mistakes in the past. Honestly my first attempts were surely worse. But my projects were also tiny and incomplete, so I never published them.

      However: what little I did publish as open source or as PRs was meticulously reviewed before ever hitting send, and I knew it inside and out and it was as good as I could make it.

      Vibe-coded software is complete but never as good as you could make it, so the effort in reviewing it is mostly wasted.

      I guess what I'm trying to say is I'm a bit tired of seeing student-level projects on HN / Github cosplaying as production ready software built by an experienced engineer. It used to be possible to distinguish these from the README or other cues, but nowadays they all look professional and are unintentionally polluting the software space when I'm actually looking for something.

      Please understand that this is not specifically directed at you, it's pent up frustration from reading HN projects over the last months. Old guy yelling at clouds.


    • It is incredible that people pointed out very specifically what's wrong and you fell back to weaponized incompetence to shift the intellectual and mental burden of reviewing the code to outsiders instead of thinking for yourself. This is the problem with relying on LLMs: instead of thinking for yourself you just ask LLMs, and now other real people, "idk just fix it for me, make it work". Do you really not see the problem with this?

You don't understand what you're doing, and never will. Throw away all computing devices you've got.